CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2026/05/22 7:50 a.m.•5 views

CVE-2026-7798 FluentCRM <= 2.9.87 - Unauthenticated Blind Server-Side Request Forgery via 'SubscribeURL' Parameter

The FluentCRM – Email Newsletter, Automation, Email Marketing, Email Campaigns, Optins, Leads, and CRM Solution plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 2.9.87 via the 'SubscribeURL' parameter. This makes it possible for...

5.4CVSS5.8AI score0.00645EPSS

ATTACKERKB•added 2026/05/22 7:50 a.m.•11 views

CVE-2026-7798

5.4CVSS5.8AI score0.00645EPSS

Exploits0References9

CVE•added 2026/05/22 7:50 a.m.•18 views

CVE-2026-7615

The CVE-2026-7615 entry concerns the WordPress Widget Context plugin (versions ≤ 1.3.3). Vulnerability: Cross-Site Request Forgery due to missing or incorrect nonce validation in save_widget_context_settings, allowing unauthenticated attackers to modify widget visibility context settings stored i...

4.3CVSS5.7AI score0.00168EPSS

ATTACKERKB•added 2026/05/22 7:50 a.m.•6 views

CVE-2026-7615

The Widget Context plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.3. This is due to missing or incorrect nonce validation on the savewidgetcontextsettings function. This makes it possible for unauthenticated attackers to modify widget...

4.3CVSS5.7AI score0.00168EPSS

Exploits0References9

Cvelist•added 2026/05/22 7:50 a.m.•29 views

CVE-2026-7615 Widget Context <= 1.3.3 - Cross-Site Request Forgery to Settings Update via 'wl' Parameter

4.3CVSS0.00168EPSS

NVD•added 2026/05/22 5:16 a.m.•12 views

CVE-2026-4070

The Alfie – Feed Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing nonce validation on the alfiemanage function which handles feed deletion via the 'delete' GET parameter. This makes it possible for...

4.3CVSS0.00164EPSS

CVE•added 2026/05/22 4:29 a.m.•20 views

CVE-2026-4070

The CVE-2026-4070 entry concerns the Alfie – Feed Plugin for WordPress (versions up to 1.2.1). It is a Cross-Site Request Forgery (CSRF) vulnerability caused by missing nonce validation in the alfie_manage() function, which handles feed deletion via the GET parameter ‘delete’. This allows an unau...

ATTACKERKB•added 2026/05/22 4:29 a.m.•12 views

CVE-2026-4070

Cvelist•added 2026/05/22 4:29 a.m.•41 views

Exploits0References6

CVE-2026-4070 Alfie <= 1.2.1 - Cross-Site Request Forgery to Feed Deletion via 'delete' Parameter

4.3CVSS0.00164EPSS

Vulnrichment•added 2026/05/22 4:29 a.m.•8 views

CVE-2026-4070 Alfie <= 1.2.1 - Cross-Site Request Forgery to Feed Deletion via 'delete' Parameter

EUVD•added 2026/05/22 4:29 a.m.•10 views

EUVD-2026-31411

EUVD•added 2026/05/22 12:31 a.m.•12 views

EUVD-2026-31370

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/dialog/event/duplicate. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks Yonatan...

EUVD•added 2026/05/22 12:31 a.m.•10 views

EUVD-2026-31363

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/backend/file approveVersion. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N...

2.3CVSS5.8AI score0.00115EPSS

EUVD•added 2026/05/22 12:31 a.m.•12 views

EUVD-2026-31365

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/backend/file rescan. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks Yonatan...

EUVD•added 2026/05/22 12:31 a.m.•7 views

EUVD-2026-31372

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/backend/file addFavoriteFolder$id. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N...

EUVD•added 2026/05/22 12:31 a.m.•15 views

EUVD-2026-31366

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/backend/file rescanMultiple. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N...

EUVD•added 2026/05/22 12:31 a.m.•13 views

EUVD-2026-31371

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/dialog/express/association/reorder. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N...

EUVD•added 2026/05/22 12:31 a.m.•15 views

EUVD-2026-31378

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/dialog/logs/delete. The The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks Yonatan...

2.3CVSS5.8AI score0.00142EPSS